<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On 15 June 2016 at 11:40, Jason T. Greene <span dir="ltr"><<a href="mailto:jason.greene@redhat.com" target="_blank">jason.greene@redhat.com</a>></span> wrote:<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"><span class="">
<br>
> On Jun 14, 2016, at 7:04 PM, Greg Wilkins <<a href="mailto:gregw@webtide.com">gregw@webtide.com</a>> wrote:<br>
><br>
> If SslEngine is changed to allow the negotiated application protocol to be set up until the time the hello response was wrapped, that would fix the problem. Would it create any others?<br>
<br>
</span>Well the fundamental issue is that the application protocol isn't a direct function of a cipher, rather the application protocol has a policy of allowed ciphers and optimal selection is finding the most recent protocol with a matching allowed cipher.</blockquote></div><div class="gmail_extra"><br></div>So doesn't that make application protocol a function of the negotiated cipher? Isn't working out which of the acceptable protocols allows the negotiated cipher a function?</div><div class="gmail_extra"><br></div><div class="gmail_extra"><br></div><div class="gmail_extra">Put another way, it is not possible to implement:</div><div class="gmail_extra"><br></div><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><div class="gmail_extra"><font face="monospace, monospace">Protocol selectProtocol(List<Cipher> mutualAcceptableCiphers, </font></div><div class="gmail_extra"><font face="monospace, monospace"> List<Protocol> mutualAcceptableProtocols)</font></div><div class="gmail_extra"><font face="monospace, monospace"><br></font></div></blockquote><div class="gmail_extra">such that it always returns a correct result, as a acceptable cipher may not allowable for a given acceptable protocol. Furthermore it ls not possible to implement:</div><div class="gmail_extra"><br></div><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><div class="gmail_extra"><font face="monospace, monospace">String selectProtocol(List<Pair<Cipher,Protocol>> mutualAcceptable) </font></div><div class="gmail_extra"><font face="monospace, monospace"><br></font></div></blockquote><div class="gmail_extra">because within that function there is no indication of what ciphers might be negotiated. </div><div class="gmail_extra"><br></div><div class="gmail_extra"><br></div><div class="gmail_extra">So further information is needed, which could either be:</div><div class="gmail_extra"><br></div><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><div class="gmail_extra"><div class="gmail_extra"><font face="monospace, monospace">String selectProtocol(List<Pair<Cipher,Protocol>> mutualAcceptable,</font></div></div><div class="gmail_extra"><div class="gmail_extra"><font face="monospace, monospace"> List<Certificate> availableCertificates,</font></div></div><div class="gmail_extra"><div class="gmail_extra"><font face="monospace, monospace"> IPAddress host) </font></div><div class="gmail_extra"><font face="monospace, monospace"><br></font></div></div></blockquote><div class="gmail_extra">Which requires the implementation to rework the certificate selection and SNI logic that is already performed by SslEngine. Either this logic needs to be duplicated (fragile) or an extra instance of SslEngine would need to be used to duplicate the logic.</div><div class="gmail_extra"><br></div><div class="gmail_extra">Alternately the function could be implemented as:</div><div class="gmail_extra"><br></div><div class="gmail_extra"><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><div class="gmail_extra"><div class="gmail_extra"><font face="monospace, monospace">String selectProtocol(List<Pair<Cipher,Protocol>> mutualAcceptable,</font></div></div></blockquote><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><div class="gmail_extra"><div class="gmail_extra"><font face="monospace, monospace"> Cipher negotiatedCipher</font><span style="font-family:monospace,monospace">) </span></div><div class="gmail_extra"><span style="font-family:monospace,monospace"><br></span></div></div></blockquote></div><div class="gmail_extra">ie a function of the negotiated cipher, but as the negotiatedCipher is known only after the Hello message is unwrapped, this would require that SslEngine allows setApplicationProtocol to be called after the hello unwrap but before the hello response wrap.</div><div class="gmail_extra"><br></div><div class="gmail_extra">I guess the other alternative would be to replace the <span style="color:rgb(0,0,0);font-family:Verdana,Geneva,Helvetica,Arial,sans-serif;font-size:13.44px">SSLParameters.</span><font face="monospace, monospace">setApplicationProtocols(List<Protocol>)</font> method with something like: </div><div class="gmail_extra"><br></div><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><span style="color:rgb(0,0,0);font-family:Verdana,Geneva,Helvetica,Arial,sans-serif;font-size:13.44px">SSLParameters</span><span style="font-family:monospace,monospace">.setApplicationProtocols(Function<Cipher,Protocol> selectProtocol) </span><div class="gmail_extra"><font face="monospace, monospace"><br></font></div></blockquote><div class="gmail_extra">or</div><div class="gmail_extra"><br></div><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><span style="color:rgb(0,0,0);font-family:Verdana,Geneva,Helvetica,Arial,sans-serif;font-size:13.44px">SSLParameters</span><span style="font-family:monospace,monospace">.</span><span style="font-family:monospace,monospace">setApplicationProtocols(List<Pair<Cipher,Protocol>> cipherProtocolPairs) </span><div class="gmail_extra"><font face="monospace, monospace"><br></font></div></blockquote><div class="gmail_extra">or</div><div class="gmail_extra"><br></div><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><span style="color:rgb(0,0,0);font-family:Verdana,Geneva,Helvetica,Arial,sans-serif;font-size:13.44px">SSLParameters</span><span style="font-family:monospace,monospace">.</span><span style="font-family:monospace,monospace">setApplicationProtocols(Map<Cipher,Protocol>> protocolsForCiphers) </span></blockquote><div class="gmail_extra"> </div><div class="gmail_extra"><br></div><div class="gmail_extra">In short, either the cipher/SNI logic of SslEngine has to be duplicated or the selection of the protocol needs to be deferred until after the cipher is negotiated - either by allowing the setter to be called after negotiation or by giving the SslEngine the information to know what protocols are acceptable for which ciphers.</div><div class="gmail_extra"><br></div><div class="gmail_extra"><br></div><div class="gmail_extra">I believe that duplication is unacceptable for a new feature like ALPN. Does anybody really believe that it is acceptable?</div><div class="gmail_extra">Are there any other alternatives other than the ones I've outlined above? <br></div><div class="gmail_extra"><br></div><div class="gmail_extra">cheers</div><div class="gmail_extra"><br></div><div class="gmail_extra">PS. The Cipher and Protocol types would most likely just be String in all of the above examples. Using strong typing in the examples for clarity.</div><div class="gmail_extra"><br></div><div class="gmail_extra"><br></div><div class="gmail_extra"><br></div><div class="gmail_extra"><br></div><div class="gmail_extra"><br></div><div class="gmail_extra"><br></div><div class="gmail_extra"><br></div><div class="gmail_extra"><br></div><div class="gmail_extra"><br clear="all"><div><br></div>-- <br><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr">Greg Wilkins <<a href="mailto:gregw@webtide.com" target="_blank">gregw@webtide.com</a>> CTO <a href="http://webtide.com" target="_blank">http://webtide.com</a><br></div></div>
</div></div>